Reply is the place to meet an incredible variety of enthusiastic, passionate, ideas-driven people, who want to make a difference and an impact.Would you like to know more?
Spike Reply is the Reply group company specialising in consultancy services and integrated solutions for business security & fraud management. Spike Reply supports businesses in processes to tackle all aspects of risk associated with an information system, from identifying threats and vulnerabilities to establishing, designing and implementing the relevant technological, legal, organisational, insurance and risk-retention countermeasures. Spike Reply assists enterprises wishing to enhance their security posture while continuing to operate in optimum conditions.
The technological age and the digitisation of information make it difficult to determine the identity of a person in the digital realm. It is difficult to accurately determine the identity of the person on the other side of an e-mail message, or know with certainty the source of any information available in cyberspace. Although there are attributes associated with an individual’s digital identity, these attributes or even entire identities can be changed, masked or discarded and new ones created. Who is reading the information? Who is storing the information? What are they doing with it? What does our digital identity say about us?
For most of us, giving out personal information such as our home telephone number or the number of our driving licence is an everyday occurrence. However, providing extra information through digital communication channels introduces privacy issues and the possibility of identity theft. More than ever, the information explosion, facilitated by an era of easy credit, has led to an increase in the type of crime that feeds on the inability of consumers to control who has access to sensitive information and how this information is safeguarded.
Currently, there is no standardised system for identification in cyberspace. It is not possible to identify an entity with certainty or to accurately tell whether an object has a specific characteristic.
Despite the fact that there are many authentication systems and digital identifiers that attempt to address these problems, a concrete need still exists for a unified and verified identification system.
In order to tackle the challenging situation whereby more and more individuals, devices, and “things” are assigned identities across networks, companies need to implement a dynamic IAM solution that serves employees, customers, partners and devices regardless of their location, nature and context of use.
In fact, with the development and growth of the
IoT (Internet of Things)1 and
IDoT (Identity of Things)2, IAM leaders in the digital businesses world now need a way of defining and managing the identities of “entities” (people, services and things) within a single framework.
In this sense, for those that have worked in the traditional field of identity management, the traditional fundamental goal – of being able to determine at all times who should be allowed to access what, when, how and why – is no longer sufficient. In this context, our identity can no longer be defined as an entity in itself but must be considered within the scope of its relationships. This is why IAM is evolving into a new paradigm:
IRM or Identity Relationship Management.
Within IRM, the concept of relationships carry more value than a “clearly proven identity”. The latter certainly has a highly valuable role where necessary, yet in everyday scenarios it is often the relationships that are the key to success – and not the identity. IRM requires services that are simple, flexible, scalable and designed to quickly verify identities and access privileges. It is therefore imperative that every business engages with its customers in a safe and efficient manner.
With the increased interconnectedness of people and things, the implementation and availability of Identity Management Model services inspired by the IRM model become fundamental. On the one hand, it is useful to be able to model relationships and to provide the added-value services that customers expect. On the other, it is vital to offer data owners the opportunity to control the information and personal data they own, and to define – for each “thing” and for each “relationship” – the specific types of access rights each entity can leverage in relation to their data.
How can we guarantee individual users full control over their proprietary data in such a complicated context and, at the same time, ensure the accuracy of the data associated with digital identities? One solution could be to take back control over identities, transferring this control from the data brokers that own them today, to trusted channels.
In Italy, the
SPID, ("Sistema Pubblico per la gestione dell'Identità Digitale" – or "Public system for digital identity management") is defined as a set of public and private entities that, after being accredited by the Agenzia per l'Italia Digitale (AgID), manage and provide registration, authentication and other identity data-related services to citizens and companies on behalf of other government agencies.
The relevant Decree of the President of the Council of Ministers (DPCM of 24 October 2014) specified:
SPID is a federated identity management system based on the SAML 2 standard where, under AgID control and coordination, citizens and companies can access services provided by “Service Providers” (SPs) using authentication and attribute distribution services offered by “Identity Providers” (IdPs) and “Qualified Attribute Providers” (AAs). In short, using only one identity provided by an Identity Provider, citizens and companies will be able to use the online services provided by all the Service Providers that have been accredited by the AgID.
This approach will ensure the correctness of identity-related data, avoiding the creation of a unique database and a unique point of vulnerability, and will circumvent the need to create multiple identities for accessing multiple online services.
Reply has extensive experience in the realm of Identity and Access Management and Governance, with projects across different industries and countries. What’s more, the Company has developed a proprietary methodology able to support its clients on technical, functional and organisational needs related to the issue of identities and to the connected security aspects. This methodology is based on a flexible approach, capable of adapting to the Client’s specific requirements and verified using the best-of-breed technology solutions available on the market and of evolving side by side with the evolution of the digital identities domain both in terms of technologies and business needs.
Reply is able to help clients to develop the most efficient “shield” against identity theft and against other threats that present a danger to digital identities, even within the scope of advanced scenarios such as: Internet-scale customers identity management, context and risk-based access management, identity API, omni-channel authentication and user experience. Reply can also support Clients in the process of setting up all the organisational and technical solutions needed to obtain the SPID accreditation as an Identity Provider or Service Provider.
1The Internet of Things (IoT, sometimes Internet of Everything) is the network of physical objects or "things" embedded within electronics, software, sensors, and connectivity for the purpose of enabling objects to exchange data with the manufacturer, operator and/or other connected devices based on the infrastructure of the Global Standards Initiative (supported by the International Telecommunication Union).
2The Identity of Things (IDoT) is an area of endeavour that involves assigning unique identifiers (UID) with associated metadata to devices and objects (things), enabling them to connect and communicate effectively with other entities over the Internet.